Ask Dave Taylor: Tech and Business

Saturday

Deleted Lsass.exe from System32: Is this a problem?

Dave, I have deleted the file lsass from System32. My Windows is XP Home Edition. Is there something I need to do now to fix my computer, or can I run in blissful ignorance?

Well, the file you're talking about is lsass.exe, and it turns out that this is the Local Security Authentication Server. It verifies the validity of user logons to your PC/Server and generates the process responsible for authenticating users for the Winlogon service.

This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token so that you don't have to keep logging in every time you launch a program.

The lsass.exe file is properly located in...